Quest Software released insights into the adoption of
an increasingly popular approach to security - Identity Threat Detection and
Response (ITDR). According to a survey of 373 IT professionals across various
industries, organizations that have started their ITDR journeys are reaping its
security benefits, but many are running into roadblocks to unlock its full
potential.
The growing
prominence of ITDR is driven by organizations' need for a comprehensive and
effective approach to combat the consistent deluge of attacks against identity
infrastructure - especially Microsoft Active Directory and Entra ID, which are
used in more than 90% of organizations, according to Gartner.
Microsoft reports that credential misuse is a factor in 99% of the 600 million
daily identity attacks against Entra ID. ITDR strengthens organizations'
ability to prevent, detect, investigate and respond to identity-based threats -
the new perimeter for defense and the foundation upon which all other defense
layers sit.
Key insights
outlined in the report include:
- ITDR
measures are effective.
More than eight in ten (84%) of organizations are reaping benefits from
their ITDR efforts, even if ITDR has not been fully implemented. Over one
in three (36%) say their expectations have been fully met or exceeded.
- Implementation
complexity remains a significant challenge. The top three hurdles identified are integration with
existing systems (69%), lack of budget (61%) and insufficient expertise
(59%).
- Low ITDR
maturity persists. This
is attributed to a lack of strategic focus on identity threat prevention,
identity disaster recovery, and the involvement of internal IAM teams in
ITDR efforts. Only half of companies use an identity infrastructure
security solution, less than a third (31%) test their identity disaster
recovery plans, and only 34% cite their access management teams as being
primarily responsible for ITDR.
- Executive
understanding is a roadblock.
Nearly half of organizations point to a lack of executive understanding of
the ITDR business case as a challenge, as it leads to inadequate funding
of the effort.
"One
study participant mentioned that their executives believe multifactor
authentication alone is sufficient for ITDR. However, ITDR extends far beyond
general access management, encompassing all aspects of identity security,"
said John Hernandez,
President, and General Manager at Quest Software. "Our research
demonstrates that an ITDR strategy is proving highly effective in addressing
identity-based threats. The challenge now is to educate organizations so that
identity management and security teams receive the attention and funding they
need."
ITDR will take
center stage at Gartner's Identity and Access Management (IAM) Summit, held on
December 9-11 in Grapevine, Texas. Quest experts will participate in industry
discussions, including talks on strengthening
Zero Trust and ITDR Programs with Active Directory Best Practices
and hosting a happy hour during the Gartner IAM summit.
To receive a complimentary copy of a summary of
the research, visit
The State of ITDR: Adoption, Maturity and Effectiveness.